Sodexo at University Hospitals

Sodexo at University Hospitals has a great opportunity for a BMET Cybersecurity Specialist located in Cleveland, OH.

Founded in 1866, University Hospitals serves the needs of patients through an integrated network of 21 hospitals (including five joint ventures), more than 50 health centers and outpatient facilities, and over 200 physician offices in 16 counties throughout northern Ohio.

University Hospitals provides compassionate care for more than a million patients a year – one patient at a time. Guided in this work by core values of Service Excellence, Integrity, Compassion, Belonging and Trust. Setting the highest standards for quality and patient safety and have received prestigious awards and recognition for high-quality care, a personalized patient experience, and the latest in medical and research innovations.

• Leads the technical activities associated with the delivery of a medical device cybersecurity program, such as collection of cybersecurity data elements in the asset inventory, implementation of cybersecurity controls, and execution of critical cybersecurity fixes.
• Leads the technical analysis of emerging cybersecurity threats to determine impact to any devices in the asset inventory.
• Advises on technical elements of cybersecurity strategy, including recommendations for improvement.
• Supports the collection of metrics and key performance indicators for leadership review.

Required Qualifications:

• Associate degree or equivalent experience
• 3 years of functional experience

Preferred Qualifications:

• Medical Device Knowledge: very deep knowledge of the design of medical devices including protocols for device maintenance, thorough knowledge of medical device functions and how they are used for patient care.
• Software and Server Management: experience with hands-on management of highly technical and sensitive hardware and software used to support patient care.
• Strong Awareness of Hospital Processes.
• Drive for Results: ability to coordinate access & interactions with medical devices under complex situations.
• Demonstrated Specialization in Cybersecurity: passion for cybersecurity for medical devices and experience with hands-on cybersecurity activities.

Working in Healthcare Technology Management for Sodexo, you will partner with our Healthcare clients to manage their clinical technology needs. Together, we provide leadership and expertise for their business, patients, residents, and the staff who care for them. At Sodexo, we improve the Quality of Life of all those we serve. If you share these values, apply today!

Please learn more about University Hospitals at: https://www.uhhospitals.org/

Sodexo offers a full array of benefits including paid time off, holidays, medical, dental, vision, 401K and access to ongoing training and development programs, tuition reimbursement, plus health and wellness programs.

How far will your ambition, talent and dedication take you? Sodexo fosters a culture committed to the growth of individuals through continuous learning, mentoring and other career growth opportunities, along with the performance of organizations. We believe it is important for our work to be meaningful to all who contribute to it, and we remain faithful to our mission, our core values and the ethical principles. We support these values and help them thrive in each employee.

We strive to make working for Sodexo a genuinely great experience with benefits to promote your professional, personal, and financial well-being, and to improve your Quality of Life now and into the future. Our experiences with our over 50 million customers each and every day enable us to develop Quality of Life services that reinforce the well-being of individuals.

At Sodexo, we have HTM positions at numerous client locations across the United States. Continue your search for HTM jobs

Sodexo offers fair and equitable compensation, partially determined by a candidate's education level or years of relevant experience. While the budgeted range for the position is posted, Sodexo salary offers are based on a candidate's specific criteria, like experience, skills, education and training.

Sodexo is an EEO/AA/Minority/Female/Disability/Veteran employer.

Summary

To perform penetration testing against systems across NFCU in order to identify weaknesses and provide guidance on remediation and prevention. Conduct application, network, wireless, and mobile assessments as well as lead red team campaigns. Assess a wide variety of critical systems and applications to discover exploitable risks to the credit union and improve the risk posture of the organization. Provide findings and remediation guidance to relevant teams and serve as subject matter expert to help engineering teams understand findings and successfully manage risk. Work is performed under limited supervision.

• Independently manage penetration tests from inception through delivery to include:
• Scoping assessments and establishing rules of engagement
• Designing penetration tests for systems and applications using established assessment frameworks; account for common and unique application and system considerations
• Sourcing and leveraging information such as source code, architecture diagrams, etc. to enhance assessment coverage
• Coordinating & scheduling testing with engineering teams across the enterprise
• Effectively managing relationships and communicating with engineering teams before, during, and after testing
• Acting as subject matter expert with engineering teams when communicating results, preventative measures, remediation steps, and other security related information
• Acting as a technical lead for multi-resource engagements
• Identify and prescribe remediation for vulnerabilities in NFCU applications, systems, and networks
• Leverage complex tactics including, but not limited to, lateral movement, network tunneling/pivoting, credential compromise, and hash cracking
• Lead red team exercises with a focus on stealth, long campaigns, social engineering, and realistic threats
• Enhance testing by identifying novel attack patterns against NFCU systems and applications based on real-world data
• Perform attacks consistent with common threats (e.g. OWASP top 10) as well as uncommonly observed attacks specific to certain technologies and frameworks
• Research and develop exploits for local and remote targets
• Craft proofs of concept as well as deployable exploits for both public and novel vulnerabilities
• Create and automate custom fuzzing leveraging techniques relevant to NFCU technologies
• Develop custom scripts (Nuclei, Python, etc) to check for security requirements specific to individual applications
• Communicate complex technical risks concisely to non-technical and executive audiences
• Effectively employ OpSec best practices to minimize distribution of vulnerability data
• Mentor and support more junior staff across the security organization
• Perform other duties as assigned

Required Qualifications:

• Bachelor's Degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• Advanced hands on experience in the field of cybersecurity and/or application security, with hands-on penetration testing or red teaming as the primary/exclusive role
• Advanced knowledge of MITRE ATT&CK and/or CAPEC Frameworks
• Experience testing against Active Directory environments
• Experience testing against both Linux based and Windows based systems
• Experience developing custom malware and evading EDR solutions
• Experience coding in languages and on frameworks such as: Python, JavaScript, Bash, PowerShell, Java, C#, C++, Springboot, React, NodeJS
• Advanced networking knowledge spanning: IPv4/6, DNS, TCP/UDP, TLS/SSL, SSH, HTTP, SOCKS
• Advanced knowledge of modern cryptographic hashing & encryption methods and best practices
• Advanced organizational, planning and time management skills
• Advanced communication, presentation, and analytical skills

Preferred Qualifications:

• Advanced degree in Information Technology, Electrical Engineering, Computer Science, or the equivalent combination of education, training or experience
• At least one of the following certifications: OSCP, OSCE, OSEE, OSWE, OSWP, CREST penetration testing certifications ("Registered" and "Certified" levels such as CRT or CCSAS)
• Experience writing enterprise applications or performing techniques such as source code review, pair programming, etc.
• Experience leading testing engagements end to end.
• Advanced knowledge of Navy Federal's functions, philosophy, operations and organizational objectives

Hours: Monday - Friday, 8:00AM - 4:30PM

Locations: 820 Follin Lane, Vienna, VA 22180 | 5550 Heritage Oaks Dr. Pensacola, FL 32526 | 141 Security Dr. Winchester, VA 22602 | 9999 Willow Creek Road San Diego, CA 92131 | Remote

Cybersecurity Specialist 49-05-8013

Fort Detrick, Maryland

RB Consulting, Inc. ("RBCI") is a company that truly believes that workforce diversity is a major contributor to success. Since its inception, RBCI has made a concerted effort to attract and recruit talented individuals from all walks of life. RBCI is a Service-Disabled Veteran-Owned Small Business (SDVOSB) providing information technology (IT) services and solutions, and professional services to commercial businesses, the Department of Defense (DoD), and other federal agencies.

We provide exceptional management and technology solutions that deliver practical and innovative results to our clients. With experience in project management, software design and development, systems integration, business analysis, testing, logistics operations, and financial management solutions, RBCI specializes in delivering custom applications that leverage commercial off-the-shelf (COTS) products. At RBCI, we pride ourselves in providing our clients with superior solutions and services that result in more than simply meeting mission requirements; we strive to solve their toughest problems while exceeding their expectations in responsiveness and flexibility.

RBCI provides generous benefits to our employees, including health/dental insurance, short-term/long-term disability, and a 401(K)-retirement plan, in addition to a highly competitive salary.

For more information, please visit us at www.rbci.com.

Position Summary

RBCI is seeking Cybersecurity Specialists to support the Integrated Clinical System PMO's mission to develop, manage and perform end to end life cycle logistics on medical equipment to protect and sustain the Warfighter's and their families for the Nation. The Cybersecurity Specialist will work directly with DoD and vendors running tests and evaluations on their medical equipment operating systems that will be sitting on the DoD network validating that the systems meet the DoD Risk Management Framework (RMF) requirements ensure the system is not vulnerable to inside and outside threats. This position is hybrid and supports the Fort Detrick, MD location (Contractor office within 10 miles of Fort Detrick).

(Military Veterans are highly encouraged to apply)

• This position is responsible for working with RBCI's team supporting our DoD customer to ensure the appropriate administrative, physical and technical information security safeguards are implemented across a portfolio of deployed military medical devices.

• Under general guidance of the Team Lead and the client, the incumbent will conduct information security assessments and testing to ensure the proper implementation of security controls across the environment. This includes populating defined security/risk assessments, identifying gaps and compensating controls, identifying remediation plans, and publishing management reports of results. This position may also participate in incident response investigations, help identify opportunities for product improvement, maintain policies and procedures that are designed to be operationally effective and efficient, and monitor compliance to policies, laws and regulations. The security specialist works with the DoD client to select and deploy technical controls to meet specific security requirements and defines processes and standards to ensure that security configurations are maintained.

• Conduct evaluations of technical and non-technical security safeguards to demonstrate and document compliance with the DoD's Risk Management Framework (RMF) requirements for security and interoperability.

• Perform information security risk assessments as part of the project lifecycle to ensure that new medical device technology conforms to security standards against internal and external threats.

• Perform Independent verification and validation (IV&V) testing, to include documentation of Plan of Action and Milestones (POAM) data within the DoD system.

• Perform risk assessments of information and technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of information and technology systems.

• Work with security leadership and stakeholders to identify remediation strategies and plans to enforce security requirements and address risks identified in the risk assessment process.

• Along with the Security Architect, advise during application development or acquisition projects to ensure that security controls are implemented as planned.

• Work with other security department members and stakeholders in scoping, planning and conducting third-party penetration testing, code reviews, or security assessments during the information security process.

• Perform risk assessments of third-party technology systems by conducting accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of DoD information and technology systems.

• Produce information security risk assessment reports that identify gaps with DoD Security Policies & Standards and propose remediation plans.

• Assist in conducting information system activity reviews and participate in Risk Management Framework (RMF) testing exercises and activities: Monitor and test application and network activity for assurance that systems of controls are in place and effective, and for compliance to DoD policies and federal regulations.

Required Qualifications

• Bachelor's degree in a related discipline or a minimum of four (4) years of experience

• Must be a U.S. citizen with a current Public Trust Clearance; Desired: Secret Clearance

• Working knowledge internal controls & IT Risk Assessment and Mitigation procedures

• Technical experience in security-related technologies such as encryption, remote access, anti-virus systems, etc.

• A basic knowledge of the 8 domains of the Common Body of Knowledge for information security:

• Security & Risk Management
• Asset Security
• Security Engineering
• Communications and Network Security
• Identity and Access Management
• Security Assessment and Testing
• Security Operations
• Software Development Security

Preferred Qualifications

• Desired: Experience with medical devices or a working knowledge of security frameworks such as HIPAA, HITRUST, NIST, ISO or other industry standards that are relevant to the DoD medical enterprise

Physical Demands and Work Environment

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position. Reasonable accommodation may be made to enable individuals with disabilities to perform the functions. While performing the duties of this position, the employee is regularly required to talk or hear. The employee frequently is required to use hands or fingers, handle or feel objects, tools, or controls. The employee is occasionally required to stand, walk; sit; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Specific vision abilities required by this position include close vision, distance vision, and the ability to adjust focus. The noise level in the work environment is typically low to moderate.

Notes

This job description in no way states or implies that these are the only duties to be performed by the employee(s) incumbent in this position. Employees will be required to follow any other job-related instructions and to perform any other job-related duties requested by any person authorized to give instructions or assignments. All duties and responsibilities are essential functions and requirements and are subject to possible modification to reasonably accommodate individuals with disabilities. To perform this job successfully, the incumbents will possess the skills, aptitudes, and abilities to perform each duty proficiently. Some requirements may exclude individuals who pose a direct threat or significant risk to the health or safety of themselves or others. The requirements listed in this document are the minimum levels of knowledge, skills, or abilities. This document does not create an employment contract, implied or otherwise, other than an "at will" relationship.

RBCI is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender, identity, national origin, disability, or veteran status.